Realizing a Long-held Dream

Okay, so it wasn’t as auspicious as that title makes it sound… 

But I’ve been struggling, literally for several years (on and off), to get my Cisco RV-320 router to accept a VPN connection from an iOS device. After much struggle, I was able to get things to work under Windows, courtesy of an app called GreenBow. But iOS? No joy.

Until today. When I accidentally typed a different set of search terms into Google and came up with this link. Voila! Followed the instructions and I had a connection!

Here’s the gist of what you have to do:

  1. Set up an Easy VPN tunnel, under VPN -> Client to Gateway
  2. Set up a user for the router/VPN tunnel, under User Management
  3. Configure the VPN connection on your iOS device. The critical parts are:
    1. Use IPsec as the Type
    2. When you define the Server entry, make sure your server can be found from the internet. For me this required setting up a Dynamic DNS account, which ensures whatever IP address gets assigned to my WAN connection gets resolved to a static DNS name (I use the DynDNS service).
    3. Here’s where it gets confusing. Set the IPSec Account to the user ID you set up in step 2. 
    4. Set the Group Name to whatever you defined when you set up the Easy VPN tunnel in step 1.
    5. Set the Secret to the password you defined for the tunnel in step 1 (the terminology here is very counter-intuitive, IMHO).

Well, I had a connection alright — progress! — but couldn’t see anything on my home LAN.

Turns out that’s because my LAN doesn’t utilize the DHCP server built into the Cisco router. I have a Raspberry Pi that I use for that function, via dnsmasq (I do that so that can have more control over what addresses get assigned to what devices on my LAN, some of which I want to always have the same IP address).

By default, Easy VPN tunnels use the router as the DHCP server when the tunnels are set up. But you can change that, by going into VPN -> Summary -> Virtual IP Range (Edit), and changing the value of DNS Server 1 to point at your DHCP server (in my case, that Raspberry Pi).

It’s nice to finally be able to get into my home LAN from anywhere I happen to have an internet connection and my iPhone.

2 thoughts on “Realizing a Long-held Dream”

  1. “I do that so that can have more control over what addresses get assigned to what devices on my LAN, some of which I want to always have the same IP address”

    wouldn’t DHCP reservation on the router ensure they always get the same IP address?

  2. Possibly. It’s been a while since I wrote this post and I’ve moved on to using OpenVPN on a Pi because I switched to AT&T Fiber and couldn’t use the Cisco router anymore.

    If I recall correctly I don’t think the Cisco DHCP server was all that easy to configure. Or maybe it’s that it didn’t offer a DNS capability for my LAN. dnsmasq does both.

Leave a Reply to chairmanmao Cancel Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Archives
Categories